zero-day exploits

Zero-Day Exploits: How to Protect Yourself in Four Simple Steps

May 1, 2017 | By

Recently, a few of our users have reached out to ask what we think about the latest Microsoft zero-day exploit. In a nutshell, this exploit quietly installs malware by exploiting a serious vulnerability attackers found in Microsoft’s popular Office software. The attack comes in via email as a malicious Word attachment that can execute automatically, deploying malware of the attacker’s choosing onto the victim’s machine.

When the Hacker News article linked above was published, Microsoft had yet to release a patch (as we’ll explain below, it has since been addressed). We can be fairly certain that attacks like this will continue in different forms, so we thought it helpful to understand it and help readers be prepared for the next round.

This Microsoft Word exploit can obviously be scary for businesses and personal users alike. Think about it: How many Word attachments do you open up in a given week? Probably quite a few! But while it shouldn’t be taken lightly, with proper precautions, it does not need to be a major concern at this point from our perspective.

In fact, there are four major steps we recommend all businesses (and even home users!) take to protect themselves against zero-day threats like this one.

4 Ways to Defend Against Zero-Day Exploits

The good news in this case, as we mentioned, is that Microsoft released a patch as of Tuesday, April 11, that fixes the vulnerability targeted by the exploit.  As long as businesses and users are implementing a patching process that is timely, this attack would be prevented for them.

Over at Strongarm, we have built an extra layer of protection against this for our customers. We have been tracking numerous Dridex Trojan distributors—the Trojans downloaded during this exploit attack—and have added them to our blacklisted domains.  So, if your organization were to be attacked before Microsoft released the patch or before you were able to install the patch, Strongarm would still see the communication, block it, and keep the system protected.

In order to keep yourself and other users safe from any document-related viruses or zero-day exploits, we recommend the following four steps:

  1. Educate Users: Keep educating users not to open emails if they are unsure who sent the email.  Bottom line:  DO NOT OPEN SUSPICIOUS ITEMS. (See our full tips to spot phishing emails.)
  2. Use Auto-Update: Make sure that Microsoft Office is either set to Automatic Updates or that a timely patch process is in place.  Office 365 and the Office Subscriptions are already setup to install the latest updates, unless disabled.
  3. Enable Protected View: Make sure that Protected View is enabled for all Microsoft Office products.  This prevents Macros and other changes from occurring with documents and spreadsheets.
  4. Deploy Strongarm: Protect your network with Strongarm to provide a layer of protection in case any malware is installed before a patch can be implemented.

Don’t let these exploits be used against you. A simple set of protections, backed up with Strongarm, can keep you safe while the exploits are being used in the wild. Ready to give it a shot?

Start Free Trial